Pointers to encrypted data in RTP header

A method and system for real-time transmitting frame-formatted user data
through joining thereto frame localizing data placed in predetermined governance locations,
whilst before transmission effecting an encryption procedure that excludes said localizing data,
and a system, a transmitter apparatus, a receiver apparatus, and a signal produced by such
transmitter apparatus for use with such method.



BACKGROUND OF THE INVENTION

The invention relates to a system as recited in the preamble of Claim 1. Data, and
in particular, but not restricted to, multi-media data are at present being encrypted for
implementing inter alia various conditional access schemes to allow creators and distributors of
the original matter to collect an appropriate amount of retributions from users of such
information. At the receiver side, the user data must be recuperated in order to allow for orderly
representing, viewing, listening, executing, and other user-associated operations. The actual
transmission via some transmission medium, such as a network, will take place on a packetized
level, where the packets are standardized for the network or networks in question.

A first approach is to effect the encryption on the basis of a Real Time Protocol
transmission packet, which is a relatively simple procedure and is alright for protecting the
transmission proper. Alternatively, a higher protection level can be attained that will also remain
in force at the receiver side: this can be done by having the encryption implemented on the basis
of the frame structure of the source data or user data. It is also feasible to implement a
combination of the two above approaches. Now, the encryption should advantageously be
executed in a standard component that should not need to effect complicated preprocessing to
find the start of a frame. Therefore, all of the above procedures will need an easy mechanism to
straightforwardly find the beginning of the frames.

SUMMARY TO THE INVENTION

In consequence, amongst other things, it is an object of the present invention to
add specific localizing information to allow the encoder mechanism and possibly, also the
decoder mechanism to quickly and easily find the start of the various frames.

Now therefore, according to one of its aspects the invention is characterized
according to the characterizing part of Claim 1.

Further to the above, the present inventor has recognized that a slight
modification to the above may allow to have only a part of the user data being effectively
encrypted, whilst still enabling the immediate localizing of the various such encrypted parts, as
has been recited in Claim 2. The invention also relates to a system being arranged for
implementing the method as claimed in Claim 1, to a transmitter apparatus and to a receiver
apparatus for use in such system, and to a signal produced by such transmitter apparatus. Further
advantageous aspects of the invention are recited in dependent Claims.

BRIEF DESCRIPTION OF THE DRAWING 

These and further aspects and advantages of the invention will be discussed more
in detail hereinafter with reference to the disclosure of preferred embodiments, and in particular
with reference to the appended Figures that show:
Figure 1, a system arranged for implementing the inventive method;
Figure 2, a data format implementation for use in the present invention;
Figure 3, an amended format with respect to Figure 2 that has partial encrypting.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

The quality of content information, such as audio or video on the Internet is
improving due to steady advances in coding technology and in transmission bandwidth. Content
providers intend to sell such high value content, and therefore, a need is arising for effecting
conditional access or digital rights management, as it is called. Such conditional access system
will encrypt a content item and will subsequently manage the associated decryption keys in such
manner that only authorized end users will be able to decrypt and thereby reconstitute the
original content in full.

Now, multi-media data is generally structured in frames, wherein the size of a
frame is related to the category of information. Furthermore, the size of a transmitted frame may
relate to the degree of compaction and other processing it has been subjected to before
encryption. In fact, the frames may be larger as well as smaller than the packets used for actual
transmission. Therefore, a single transmission packet may contain one or more frames, or
fractional parts of a frame. Streaming is a technology wherein a client will play or otherwise use
the content as soon as it will arrive, so there will be no downloading of all, or a substantial part
of, an entire content before playing. Streaming will not allow for retransmission of packets. The
content user will have to cope with the occurrence of lost data.

Now for optimum protection, content is best encrypted at the frame level, even
with non-uniform frame size. Such encryption at the frame level will allow for persistent or
end-to-end encryption that applies to both transmitted as well as to stored content. Preferably, the
system component that implements the actual encryption is a generic component, and should
therefore be independent of specific streaming servers and independent of specific frame
formats. One way to achieve this is to define the encryption component as a
Realtime-Transmission-Protocol- or RTP-translator. At present, virtually all streaming servers are
using the RTP streaming protocol. Therefore, the encryption component could receive the RTP
packets, encrypt the payload, and subsequently forward the encrypted RTP packets.
Alternatively, the encryption may be integrated with the streaming server.

Alternatively, the encryption may be executed on the level of the RTP-packet.
This will protect the transmission proper, whilst surrendering part of the protection at the
receiver side after receiving. Also, a combination of these two encryption approaches is feasible,
such as by assigning the appropriate encryption level on the basis of a contingency strategy
vis-a-vis available hardware facilities.

A problem is posed in that the headers of the frames must remain unencrypted,
such as when the encryption is effected at the frame level. This requires that the generic
encryption component should analyze the payloads of the RTP packets to identify the positions
of the frame headers. Such would however lower the performance of the encryption component,
and will also make the encryption component dependent on actual frame formats.

The present invention provides a solution to the problem in question by
extending the headers of RTP packets to include pointers to those parts of the RTP packet
payload that actually need to be encrypted. The pointers are set by the streaming server. The
server may do this as part of the so-called hint process, that is an off-line analysis of multi-media
data, so that the data may be streamed more efficiently at a later instant in time. The result of the
hint process is stored in parallel to the content in a so-called hint track.

Figure 1 illustrates a system arranged for implementing the inventive method.
Input 23 receives the user data frames, that are transiently stored into storage 22, which
accommodates storage of a plurality of such frames. Processing block 24 thereupon joins to
these data frames frame header localizing informations in the context of an RTP packet that may
comprise a plurality of such user frames, but not necessarily an integer number thereof. The
result of this processing is transiently stored in block 26 that accommodates multiple RTP
payloads. For brevity, the specific hint track mentioned supra has not been shown separately. In
fact, the hint track facility will be recognized by persons skilled in the art as a standard facility.
In practice, such hint track will be implemented at the input side of block 23 to allow indicating
the various frame locations. Before transmission, the user data are encrypted in encryption
module 28 and transmitted over communication facility 30, such as Internet. The whole
procedure at the transmitter side of the system shown may be synchronized by overall
synchronization facility 20 as indicated by dashed lines leading therefrom.

At the receiving side, decryption is effected through decryption facility 34, and
the result thereof is transiently stored in block 36. Reconstitution of the user frames is effected in
processing facility 38, followed by transiently storing in block 40. User application is then
symbolized by block 42. Storage blocks 36, 40 do not accommodate downloading of a complete
program or a substantial part thereof but rather will provide for some synchronizing to cater for
transfer speed variations of communication facility 30. Again, at the receiver side, overall
synchronization is effected through synchronizer block 32.

Figure 2 illustrates an exemplary data format implementation for use in the
present invention. For brevity, only a single implementation has been shown. Various data
blocks 50-60 of the RTP configuration have been shown in the Figure. Of these, blocks 54-60
constitute the RTP payload, wherein blocks 56, 60 each contain an encrypted frame payload,
and blocks 54, 58 contain the associated frame headers. Note that the lengths of blocks 56, 60
need not be uniform. Block 50 contains an RTP header, and is followed by block 52 that
contains pointers. As shown in the figure, the pointers 62 indicate both the beginning and the
end of each encrypted frame payload. Now, the header 50 is found in the hint track; pointers 52
are extensions of the RTP header 50. This hint track is used by the streaming server for
packaging the RTP packets.

Figure 3 illustrates an amended format with respect to Figure 2 that has partial
encryption of the user data. For brevity, only the aspects that differentiate from Figure 2 have
been indicated specifically. Within the frame payload, the discrimination between encrypted (E)
and unencrypted user data has been indicated by a slanted line. The localizing information
indicated by 62 in this case will now specifically indicate (63, 65) the ends of the respective
encrypted parts, assuming that the encryption starts from the beginning of the frame's user data.
Of course, other partial encryptions may be used. The encryption itself may be done on the level
of a frame or partial frame, on the level of a packet, or be based on a combination thereof.
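
Added example, not part of the patent text: a Python sketch of the Figure 2 and Figure 3 formats, in which the server writes (start, end) payload offsets into an RTP header extension and a format-agnostic translator encrypts only those ranges. The extension profile tag, the 16-bit offset pairs, the nonce choice and the SHA-256 counter keystream (a stand-in for a vetted stream cipher) are assumptions of this sketch, and the sample frames are constructed.

```python
import hashlib
import struct

RTP_VERSION = 2
EXT_PROFILE = 0x4550  # assumption: constructed "defined by profile" tag for this sketch


def keystream(key, nonce, length):
    """Stand-in keystream (SHA-256 in counter mode); deploy a vetted cipher instead."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack("!Q", counter)).digest()
        counter += 1
    return bytes(out[:length])


def check_regions(regions, payload_len):
    """Pointers must be ordered, non-overlapping and inside the payload."""
    previous_end = 0
    for start, end in regions:
        if not previous_end <= start < end <= payload_len:
            raise ValueError("pointer pair (%d, %d) is invalid" % (start, end))
        previous_end = end


def build_packet(seq, timestamp, ssrc, payload, regions, payload_type=96):
    """Streaming-server side: RTP header (X bit set) + pointer extension + payload."""
    check_regions(regions, len(payload))
    pointers = b"".join(struct.pack("!HH", start, end) for start, end in regions)
    header = struct.pack("!BBHII", (RTP_VERSION << 6) | 0x10, payload_type,
                         seq, timestamp, ssrc)
    # RFC 3550 extension header: 16-bit profile tag, 16-bit length in 32-bit words;
    # each pointer pair is exactly one 32-bit word
    return header + struct.pack("!HH", EXT_PROFILE, len(regions)) + pointers + payload


def parse_packet(packet):
    """Return (payload_offset, regions) without inspecting the payload bytes."""
    if len(packet) < 12:
        raise ValueError("shorter than an RTP header")
    first = packet[0]
    if first >> 6 != RTP_VERSION or not first & 0x10:
        raise ValueError("not RTP version 2 with a header extension")
    ext = 12 + 4 * (first & 0x0F)  # skip the CSRC list
    if len(packet) < ext + 4:
        raise ValueError("truncated header extension")
    profile, words = struct.unpack("!HH", packet[ext:ext + 4])
    payload_offset = ext + 4 + 4 * words
    if profile != EXT_PROFILE or payload_offset > len(packet):
        raise ValueError("unexpected or truncated pointer extension")
    regions = [struct.unpack("!HH", packet[i:i + 4])
               for i in range(ext + 4, payload_offset, 4)]
    # Reject pointers that would make the translator touch bytes outside the payload
    check_regions(regions, len(packet) - payload_offset)
    return payload_offset, regions


def transform(packet, key):
    """Translator side: XOR the keystream over the pointed-to ranges only.

    The same call decrypts, because XOR is its own inverse.
    """
    payload_offset, regions = parse_packet(packet)
    out = bytearray(packet)
    # Per-packet nonce from header fields that stay in the clear (assumption)
    stream = keystream(key, packet[2:12], len(packet) - payload_offset)
    for start, end in regions:
        for i in range(start, end):
            out[payload_offset + i] ^= stream[i]
    return bytes(out)


# Constructed sample: two frames with 4-byte headers and unequal payload lengths
FRAME_1 = (b"FH01", b"first frame payload")
FRAME_2 = (b"FH02", b"second, longer frame payload!!")
PAYLOAD = FRAME_1[0] + FRAME_1[1] + FRAME_2[0] + FRAME_2[1]
# Figure 2 style: each pair marks the beginning and end of one frame payload
FULL = [(4, 23), (27, 57)]
# Figure 3 style: encryption starts at the frame's user data and stops early
PARTIAL = [(4, 12), (27, 35)]
KEY = b"constructed demo key"

if __name__ == "__main__":
    clear = build_packet(1, 90000, 0x1234ABCD, PAYLOAD, FULL)
    sealed = transform(clear, KEY)
    offset, _ = parse_packet(sealed)
    print(sealed[offset:offset + 4], sealed[offset + 23:offset + 27])
    print(transform(sealed, KEY) == clear)
```

The translator never parses a frame format; it relies on the pointer block alone, which is why the pointer pairs are validated before any byte is modified.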
CLAIMS:

1. A method for real-time transmitting or retransmitting frame-formatted user data
whilst thereon effecting before such (re-)transmitting an encryption procedure,
said method being characterized by the step of, associated to subjecting said user
data to said encryption procedure, joining to said user data appropriate frame localizing data and
placing such frame localizing data into predetermined governance locations which, just as well
as header informations, are excluded from subsequent said encryption procedure.

2. A method as claimed in Claim 1, whilst subjecting only a part of said user data to
said encryption procedure whilst providing for encryption localizing data in said governance
locations to discriminate between encrypted and non-encrypted parts of said user data.

3. A method as claimed in Claim 1 or 2, wherein such governance locations are
header extension information locations.

4. A method as claimed in Claim 1 or 2, wherein said user data after encryption are
transmitted in RTP-packets, and wherein said user data are encrypted on a level of said RTP
packet.

5. A method as claimed in Claim 1 or 2, wherein said user data are encrypted on a
frame level.

6. A method as claimed in Claims 4 or 5 wherein said transmission allows for
imparting partial frames to a packet, as well as allowing to impart a plurality of frames to a
single packet.

7. A method as claimed in Claim 3, wherein such header extension information
location has a plurality of frame localizing data.

8. A method as claimed in Claim 1 or 2, wherein such governance locations are
placed within a separate hint track.

9. A system arranged for implementing a method as claimed in Claim 1 and having
transmission means for real-time transmitting or retransmitting frame-formatted user data and
encryption means for effecting before such (re-)transmitting an based encryption procedure on
said user data,
said system being characterized by comprising next to said encryption means
joining means for joining to said user data frame localizing data and placing such frame
localizing data into predetermined governance locations which, just as well as header
informations, are excluded from subsequent said encryption.

10. A system as claimed in Claim 9, and being arranged for interfacing to Internet as
a transmission medium.

11. A transmitter apparatus being arranged for use as a station in a system as claimed
in Claim 9.

12. A signal produced by a station as claimed in Claim 11.

13. A receiver apparatus being arranged for use as a station in a system as claimed in
Claim 9 and having decryption means for upon reception decrypting user data that had been
subject to said encryption procedure for outputting user data so decrypted as based on frames
containing said user data.

14. A receiver apparatus as claimed in Claim 13, wherein said decryption means are
operational on a frame level.

15. A receiver apparatus as claimed in Claim 13, wherein said decryption means are
operational on a packet level.

POLICY BASED SELECTIVE ENCRYPTION OF COMPRESSED VIDEO DATA

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates to the art of data encryption, and in particular, to the art of encrypting
video data for subsequent rendering on processor-based video systems.

2. Background of the Invention

There is substantial interest in the computer and entertainment industries in incorporating video
data into multimedia and related applications for use on processor-based video systems. Potential
growth in this area has been enabled by the development of video compression schemes that reduce
the amount of video data required to display high quality video images, and by the development of
storage media, such as digital video discs (DVDs), which can accommodate data (in compressed form)
for an entire movie on a single compact disc.

With the compressed data of an entire movie readily available in a single compact disc, naturally
content providers are extremely concerned with the unauthorized copying of the content. Thus,
content providers are planning to encrypt the compressed data. As a result, the video data must be
decrypted before they can be decompressed for rendering. The present practice is to encrypt the
entire content. However, the present practice has the disadvantage of significantly burdening the
processor during the decryption and decompression phase. Experience has shown that the decryption
and decompression of a fully encrypted MPEG compressed movie can consume as much as over 30% of the
available processor cycles, even with the latest high performance processors. Thus, a less
burdening approach to preventing unauthorized copying of MPEG compressed video data is desirable.

SUMMARY OF THE INVENTION

Basic transfer units (BTUs) of compressed video data of video images are selectively encrypted in
accordance with an encryption policy to degrade the video images to at least a virtually useless
state, if the selectively encrypted compressed video images were to be rendered without
decryption. As a result, degradation that approximates the level provided by the total encryption
approach is achieved, but requiring only a fraction of the processor cycle cost required by the
total encryption approach, to decrypt and render the video images.

In some embodiments, the encryption policy is predetermined, while in others, it is dynamically
adjusted. In one embodiment, where the video images are MPEG compressed, all BTUs containing either
the start code for a group of pictures or the start code for a particular frame are encrypted, to
prevent recovery of the video frames. In an alternate embodiment, a fraction of the BTUs of an
I-frame, and a fraction of the BTUs of a P-frame are encrypted, to destroy data references by
future frames.

BRIEF DESCRIPTION OF DRAWINGS

The present invention will be described by way of exemplary embodiments, but not limitations,
illustrated in the accompanying drawings in which like references denote similar elements, and in
which:

FIG. 1 is a block diagram illustrating the present invention;
FIG. 2 illustrates a formatted stream of compressed video data in further details;
FIG. 3 illustrates one embodiment of a video data unit in further details;
FIG. 4 illustrates a group of pictures in a video object unit in further details;
FIGS. 5-9 are block diagrams illustrating various embodiments of the present invention; and
FIG. 10 illustrates one embodiment of a computer system suitable for practicing a software
implementation of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

In the following description, various aspects of the present invention will be described. However,
it will be apparent to those skilled in the art that the present invention may be practiced with
only some or all aspects of the present invention. For purposes of explanation, specific numbers,
materials and configurations are set forth in order to provide a thorough understanding of the
present invention. However, it will also be apparent to one skilled in the art that the present
invention may be practiced without the specific details. In other instances, well known features
are omitted or simplified in order not to obscure the present invention.

Parts of the description will be presented in terms of operations performed by a computer system,
using terms such as data, flags, bits, values, characters, strings, numbers and the like,
consistent with the manner commonly employed by those skilled in the art to convey the substance
of their work to others skilled in the art. As well understood by those skilled in the art, these
quantities take the form of electrical, magnetic, or optical signals capable of being stored,
transferred, combined, and otherwise manipulated through mechanical and electrical components of
the computer system; and the term computer system includes general purpose as well as special
purpose data processing machines, systems, and the like, that are standalone, adjunct or embedded.

Referring now to FIG. 1, wherein a block diagram illustrating the present invention is shown. As
illustrated, formatter 12 of the present invention generates a formatted and partially encrypted
stream of compressed video and related data {CVD+} 18 by selectively encrypting the basic transfer
units (BTUs) of the compressed video and related data in accordance with an encryption policy 14.
The BTUs are [...] compressed video data (CVD) 11, overlay data [...] captions, compressed audio
data (CAD1 ... CADn) 15, and navigation control 17. As will be readily apparent from the
description to follow, the video images of {CVD+} 18 are degraded to a level that approximates the
degradation achieved by a total encryption approach, but requiring only a fraction of the
processor cycle cost required by the total encryption approach to decrypt and render the video
images.

In one embodiment, video images are compressed in accordance with one of the standards promulgated
by the Moving Pictures Expert Group (MPEG, group ISO-IEC-JTC1 SC29/WG11) and the Joint Photographic
Experts Group (JPEG, ISO/IEC International Standard 10918-1). [...] redundancy in the video data is
reduced by application of lossy data transformations. Hereafter, MPEG is used to refer to MPEG-1
(ISO standard 11172), MPEG-2 (ISO standard 13818), and JPEG compliant compression processes. Audio
data are Dolby AC3 or MPEG audio (MPEG1 or MPEG2). The selected BTUs are encrypted employing a
stream cipher technique.

FIG. 2 illustrates the formatted and partially encrypted {CVD+} 18 in further details. As shown,
{CVD+} 18 are formatted into video data units (VDUs) 20. In an embodiment where the compressed
video data are organized in accordance with a DVD scheme, VDUs 20 are video object units (VOBUs).
FIG. 3 illustrates one embodiment of a VDU 20, more specifically, a VOBU corresponding to a group
of pictures, in further details. As shown, a VDU 20 or VOBU includes navigation information 22,
multiple series of compressed video frames 24 interleaved with series of compressed audio frames
26 and series of compressed overlay data frames 28, spanning a number of BTUs 38. The constitution
of a BTU 38 is application dependent. An example of a BTU 38 is a data packet. In a DVD
application, each BTU 38 corresponds to a data packet for a disk sector, in the order of 2 k
bytes. In a digital satellite service (DSS) application, each BTU 38 corresponds to a transmission
packet.

FIG. 4 illustrates a series of compressed video frames 24 in a VOBU in further details. As shown,
a series of compressed video frames 24 include a compressed I-frame 30, a number of compressed
B-frames 32, and a number of compressed P-frames 34 [...]ary aligned with BTUs 38'. Each of
I-frame 30, B-frames 32, and P-frames 34 includes a start code 36. Each VOBU, that is, each group
of pictures, also includes a start code (not shown).

Compressed I-frame 30 is generated in reference to itself, and is used as a reference frame for
reconstituting the group of pictures during decompression. Compressed I-frame 30 includes almost
exclusively "motionless" macroblocks. Compressed B-frames 32 are generated using motion
compensated predictions referencing preceding as well as subsequent I-frames and P-frames.
Compressed B-frames 32 include mostly backward as well as forward motion vectors. Compressed
P-frames 34 are generated using motion compensated predictions referencing preceding I-frames and
P-frames. Compressed P-frames 34 include mostly forward motion vectors, and a small amount of
motionless macroblocks. The manner in which compressed I-frame 30, B-frames 32 and P-frames 34 may
be generated is well known in the art.

FIG. 4 also illustrates one embodiment of an encryption policy 40. As shown, in accordance with
the illustrated embodiment of encryption policy 40, each BTU 38' containing the start code of
either a group of pictures, an I-frame 30, one of the B-frames 32 or one of the P-frames 34 is
encrypted. As will be appreciated by those skilled in the art, by encrypting each of the BTUs 38'
containing the start code of a group of pictures or the start code of a frame, frames 30, 32 and
34 are unrecoverable, that is effectively "destroyed", if the video images of partially encrypted
{CVD+} 18 are rendered without decryption. As will be also appreciated by those skilled in the
art, the number of BTUs 38' containing start codes for the various groups of pictures and the start
codes of I, B and P-frame 30, 32 and 34 is a very small percentage of all BTUs 38'. In other
words, only a few percent of the processor cycles required by the total encryption approach for
decryption will be required to decrypt and render the partially encrypted {CVD+} 18, and yet the
video images of partially encrypted {CVD+} 18 are degraded to the same level (that is, total
"destruction") as the degradation achieved by the total encryption approach.

In an alternate embodiment, a fraction of the BTUs of either the I-frames 30 or the P-frames 34
are encrypted, to destroy data references for future frames. For example, every 3 of 4 BTUs 38' of
an I-frame 30 within a VOBU, and every fourth BTU 38' of a P-frame 34 within the VOBU are
encrypted, to destroy data references for future frames. None of the BTUs 38' of B-frames 32
within a VOBU are encrypted. Experience has shown that the number of BTUs 38' encrypted is a small
percentage of all BTUs 38'. In other words, only a few percent of the processor cycles required by
the total encryption approach for decryption will be required to decrypt and render the partially
encrypted {CVD+} 18, and yet the video images of partially encrypted {CVD+} 18 are degraded to a
level that is virtually useless, approximating the degradation achieved by the total encryption
approach.

FIGS. 5-9 illustrate various embodiments of the present invention. FIG. 5 illustrates embodiment
10a wherein "formatter" 12 of FIG. 1 is replaced with encryption module 12'. Encryption module 12'
performs the selective encryption based on encryption policy 14' as described earlier. However,
encryption module 12' receives a formatted [...] instead. FIG. 6 illustrates embodiment 10b
wherein the present invention further includes user interface 42 for specifying encryption policy
[...] encryption module 12'. FIG. 7 illustrates embodiment 10c wherein the present invention
further includes analyzer 44 for analyzing the video images of CVD 16 to dynamically adjust
encryption policy 14'. For example, analyzer 44 may adjust encryption policy 14' based on certain
frame statistics maintained for the video images of CVD 16. Alternatively, analyzer 44 may adjust
encryption policy 14' based on the detection of a number constant or "slow" changing "landmarks",
e.g. a mountain scene. Analyzer 44 may provide the analysis results to a user through user
interface 42, who in turn will adjust encryption policy 14' through user interface 42.
Alternatively, analyzer 44 may apply the analysis results directly to adjust encryption policy
14'. Statistical analysis of video images, as well as detection for "static" imagery in video
images may be performed using any one of a number of these analysis techniques known in the art.
Similarly, for both embodiments 10b and 10c, encryption module 12' may encrypt a selected BTU 38
using any number of encryption techniques known in the art.

FIG. 8 illustrates embodiment 10d, which is similar to embodiment 10b, except "encryption" module
12" is implemented with a selector, and "encryption policy" 14" is implemented with a selection
policy. "Encryption" or selector module 12" is provided with fully encrypted video images of CVD+
16, that is [CVD+] 46, as well as CVD+ 16. Whenever a BTU 38 is selected for encryption, instead of
encrypting the selected BTU 38 on the fly, selector 12" simply selects and outputs the
corresponding portion of [CVD+] 46. FIG. 9 illustrates embodiment 10e, which is similar to
embodiment 10c, except "encryption" module 12" is implemented with a selector, and "encryption
policy" 14" is implemented with a selection policy, as described earlier. Encryption module 12' as
well as "encryption" or selector module 12" may be implemented in hardware or software.

FIG. 10 illustrates one embodiment of a computer system suitable for practicing a software
implementation of the present invention. As shown, for the illustrated embodiment, computer system
100 includes processor 102, memory 104, system bus 106, mass storage 108, input devices 110,
display adapter 112 and display 114 coupled to each other as shown. Except for the manner they are
used to practice the present invention, each of these elements 102-114 performs its corresponding
conventional function known in the art, and each of these elements 102-114 is intended to
represent a broad category of similar elements known in the art.
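
Added example, not part of the patent text: a Python sketch of the two encryption policies described for FIG. 4, computing which BTUs each policy selects for encryption. It assumes a raw MPEG video elementary stream cut into fixed-size BTUs, that a start code straddling two BTUs selects both, and a particular choice of which BTU in each group of four is singled out; the sample stream is constructed.

```python
GOP_CODE = 0xB8      # group_of_pictures start code is 00 00 01 B8
PICTURE_CODE = 0x00  # picture start code is 00 00 01 00
FRAME_TYPES = {1: "I", 2: "P", 3: "B"}  # picture_coding_type values


def find_start_codes(stream):
    """Return [(offset, kind)] for GOP and picture start codes, in stream order."""
    found = []
    i = stream.find(b"\x00\x00\x01")
    while i != -1 and i + 4 <= len(stream):
        code = stream[i + 3]
        if code == GOP_CODE:
            found.append((i, "GOP"))
        elif code == PICTURE_CODE and i + 6 <= len(stream):
            # Picture header: 10-bit temporal_reference, then 3-bit picture_coding_type
            coding_type = (stream[i + 5] >> 3) & 0x07
            found.append((i, FRAME_TYPES.get(coding_type, "?")))
        i = stream.find(b"\x00\x00\x01", i + 3)
    return found


def start_code_policy(stream, btu_size):
    """Select every BTU that holds any byte of a GOP or frame start code."""
    selected = set()
    for offset, _kind in find_start_codes(stream):
        # A 4-byte start code can straddle a BTU boundary; take both BTUs (assumption)
        selected.update(range(offset // btu_size, (offset + 3) // btu_size + 1))
    return selected


def fraction_policy(stream, btu_size):
    """Select 3 of every 4 I-frame BTUs and every fourth P-frame BTU; no B-frame BTUs."""
    codes = find_start_codes(stream)
    selected = set()
    for n, (offset, kind) in enumerate(codes):
        if kind not in ("I", "P"):
            continue
        # A frame runs until the next GOP or picture start code (simplification)
        end = codes[n + 1][0] if n + 1 < len(codes) else len(stream)
        btus = range(offset // btu_size, (end - 1) // btu_size + 1)
        for k, btu in enumerate(btus):
            fourth = k % 4 == 3  # which BTU of each four is singled out is an assumption
            if (kind == "I" and not fourth) or (kind == "P" and fourth):
                selected.add(btu)
    return selected


def coverage(selected, stream, btu_size):
    """Fraction of the stream's BTUs that a policy selects for encryption."""
    total = -(-len(stream) // btu_size)  # ceiling division
    return len(selected) / total


def picture(coding_type, body_len):
    """Constructed picture: start code, two header bytes, 0xAA filler body."""
    return b"\x00\x00\x01\x00" + bytes([0x00, coding_type << 3]) + b"\xaa" * body_len


# Constructed sample with 16-byte BTUs: GOP header, then I, B, P, B pictures
BTU = 16
SAMPLE = (b"\x00\x00\x01\xb8" + b"\xaa" * 12   # GOP header, BTU 0
          + picture(1, 122)                     # I-frame, BTUs 1-8
          + picture(3, 26)                      # B-frame, BTUs 9-10
          + picture(2, 58)                      # P-frame, BTUs 11-14
          + picture(3, 26))                     # B-frame, BTUs 15-16

if __name__ == "__main__":
    for policy in (start_code_policy, fraction_policy):
        chosen = policy(SAMPLE, BTU)
        print(policy.__name__, sorted(chosen), round(coverage(chosen, SAMPLE, BTU), 2))
```

With realistic sector-sized BTUs the same functions report how small a share of a stream each policy touches, which is the figure to measure before relying on either policy.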

In particular, memory 104 is used to store a working copy each of formatter/encryption/selector
module 12 and encryption/selection policy 14. Memory 104 may also be used to store a working copy
each of end user interface 42 and analyzer 44. Mass storage 108 is used to store a working copy of
CVD 11, CVD+ 16, {CVD+} 18, and/or [CVD+] 46. Alternatively, for systems with large memory or for
small amount of video data, CVD 11, CVD+ 16, {CVD+} 18 and/or [CVD+] 46 may also be stored in
memory 104. Finally, mass storage 108 may also be used to store a permanent copy of
formatter/encryption/selector module 12 and encryption/selection policy 14, as well as end user
interface 42 and analyzer 44.

While the present invention has been described in terms of the above illustrated embodiments,
those skilled in the art will recognize that the invention is not limited to the embodiments
described. The present invention may be practiced with modification and alteration within the
spirit and scope of the appended claims. The description is thus to be regarded as illustrative
instead of restrictive on the present invention.

Thus, a method and apparatus for policy based selective encryption of compressed video data has
been described.

What is claimed is:

1. An apparatus comprising a formatter module for selectively encrypting basic transfer units
(BTUs) of a stream of MPEG compressed video and related data in accordance with an encryption
policy, the stream of MPEG compressed video and related data being organized into multiple video
object units (VOBUs), with each VOBU being further organized into a plurality of BTUs, wherein the
encryption policy prescribes for encryption of each BTU containing a start code of either a group
of pictures, an I-frame, a B-frame or a P-frame.

2. An apparatus comprising a formatter module for selectively encrypting basic transfer units
(BTUs) of a stream of MPEG compressed video and related data in accordance with an encryption
policy, the stream of MPEG compressed video and related data being organized into multiple video
object units (VOBUs), with each VOBU being further organized into a plurality of BTUs, wherein the
encryption policy prescribes for encryption of a fraction of the BTUs of an I-frame within a VOBU.

3. The apparatus as set forth in claim 2, wherein the encryption policy prescribes for encryption
of three of every four BTUs of an I-frame within a VOBU.

4. An apparatus comprising a formatter module for selectively encrypting basic transfer units
(BTUs) of a stream of MPEG compressed video and related data in accordance with an encryption
policy, the stream of MPEG compressed video and related data being organized into multiple video

7. An apparatus comprising an encryption module for selectively encrypting basic transfer units
(BTUs) of a stream of MPEG compressed video data in accordance with an encryption policy, the
stream of MPEG compressed video data being organized into multiple video object units (VOBUs),
with each VOBU being further organized into a plurality of BTUs, wherein the encryption policy
prescribes for encryption of a fraction of the BTUs of an I-frame within a VOBU.

8. The apparatus as set forth in claim 7, wherein the encryption policy prescribes for encryption
of three of every four BTUs of an I-frame, within a VOBU.

9. An apparatus comprising an encryption module for selectively encrypting basic transfer units
(BTUs) of a stream of MPEG compressed video data in accordance with an encryption policy, the
stream of MPEG compressed video data being organized into multiple video object units (VOBUs),
with each VOBU being further organized into a plurality of BTUs, wherein the encryption policy
prescribes for encryption of a fraction of the BTUs of a P-frame within a VOBU.

10. The apparatus as set forth in claim 9, wherein the encryption policy prescribes for encryption
of every fourth BTU of a P-frame within a VOBU.

11. An apparatus comprising a selector module for generating a partially encrypted stream of MPEG
compressed video data by selectively outputting basic transfer units (BTUs) of a formatted (but
unencrypted) stream of MPEG compressed video data and BTUs of a formatted and encrypted stream of
MPEG compressed video data, in accordance with a selection policy, each of the formatted
unencrypted and encrypted streams of MPEG compressed video data being organized in multiple video
object units (VOBUs), with each VOBU being further organized into a plurality of BTUs, wherein the
selection policy prescribes for selection of each BTU containing a start code of either a group of
pictures, an I-frame, a B-frame or a P-frame within a VOBU from the formatted encrypted stream of
MPEG compressed video data.

12. An apparatus comprising a selector module for generating a partially encrypted stream of MPEG
compressed video data by selectively outputting basic transfer units (BTUs) of a formatted (but
unencrypted) stream of MPEG compressed video data and BTUs of a formatted and encrypted stream of
MPEG compressed video data, in accordance with a selection policy, each of the formatted
unencrypted and encrypted streams of MPEG compressed video data being organized in multiple video
object units (VOBUs), with each VOBU being further organized into a plurality of BTUs, wherein the
selection policy prescribes
object units (VOBUs), with each VOBU being further for selection of a fraction of the BTUs of an I-firame within 
organized into a plurality of BTUs, wherein the encryption a VOBU from the formatted encrypted stream of MPEG 
policy prescribes for encryption of a fraction of the BTUs of compressed video data. 

a P-frame within a VOBU, 13. The apparatus as set forth in claim 12, wherein pi the 

5. The apparatus as set forth in claim 4, wherein 55 selection policy prescribes for selection of three of every 
the encryption policy prescribes for encryption of every four BTUs of an I-frame, within a VOBU, from the format- 
fourth BTU of a P-frame within a VOBU. ted encrypted stream of MPEG compressed video data. 

6. An apparatus comprising an encryption module for 14. An apparatus comprising a selector module for gen- 
selectively encrypting basic transfer units (BTUs) of a erating a partially encrypted stream of MPEG compressed 
stream of MPEG compressed video data in accordance with 60 video data by selectively outputting basic transfer units 
an encryption policy, the stream of MPEG compressed video (BTUs) of a formatted (but unencrypted) stream of MPEG 
data being organized into multq)lc video object units compressed video data and BTUs of a formatted aiid 
(VOBUs). with each VOBU being further organized into a encrypted stream of MPEG compressed video data, in 
plurality of BTUs. wherein the encryption policy prescribes accordance with a selection policy, each of the formatted 
for encryption of each BTU containing a start code of either 65 unencrypted and encrypted streams of MPEG compressed 
a group of pictures, an I-firame, a B-frame or a P-frame video data being organized in multiple video object units 
within a VOBU. (VOBUs), with each VOBU being further organized into a 
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plurality of BTUs, wherein Ihe selectioD policy prescribes 
for seleciion of a fraction of the BTUs of a P-framc wilhin 
a VOBU from the formatted encrypted streams of the MPEG 
compressed video data. 

15. The apparatus as set forth in claim 14, wherein the selection policy prescribes for encryption of every fourth BTU of a P-frame within a VOBU from the formatted encrypted stream of MPEG compressed video data.

16. An apparatus comprising

a storage medium having stored therein a plurality of programming instructions for implementing an encryption function for selectively encrypting basic transfer units (BTUs) of MPEG compressed video data, in accordance with an encryption policy, the MPEG compressed video data being organized into multiple video object units (VOBUs), with each VOBU being further organized into a plurality of BTUs, wherein the encryption policy prescribes for encryption of each BTU containing a start code of a group of pictures or a start code of a frame within a VOBU; and

an execution unit coupled to the storage medium for executing the plurality of programming instructions during operation.

17. The apparatus as set forth in claim 16, wherein the encryption policy prescribes for encryption of a fraction of the BTUs of an I-frame or a P-frame within a VOBU.
18. An apparatus comprising

a storage medium having stored therein a plurality of programming instructions for implementing a selection function for generating a partially encrypted stream of MPEG compressed video data by selectively outputting basic transfer units (BTUs) of an unencrypted stream of MPEG compressed video data and BTUs of an encrypted stream of MPEG compressed video data, in accordance with a selection policy, each of the unencrypted and encrypted streams of MPEG compressed video data being organized into multiple video object units (VOBUs), with each VOBU further being organized into a plurality of BTUs, wherein the selection policy prescribes for selection of each BTU containing a start code of a group of pictures or a start code of a frame within a VOBU, from the encrypted stream of compressed video data;

an execution unit coupled to the storage medium for executing the plurality of programming instructions during operation.

19. The apparatus as set forth in claim 18, wherein the selection policy prescribes for selection of a fraction of the BTUs of either an I-frame or a P-frame within a VOBU, from the encrypted streams of the MPEG compressed video data.
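A sketch of how the encryption policy of claims 16 and 17 could be evaluated, using the fractions named in claims 3 and 5. It is an added example, not code from the patent. Assumptions: the start-code values and the picture_coding_type field are taken from MPEG-2 video and not from this text, the 16-byte BTU size is a toy value, the whole input is treated as one VOBU, and the fraction is counted over the BTUs that follow a frame's start-code BTU.

```python
import re

GOP_START = b"\x00\x00\x01\xb8"   # MPEG-2 group_start_code (assumed, not from the text)
PIC_START = b"\x00\x00\x01\x00"   # MPEG-2 picture_start_code (assumed)
FRAME_TYPES = {1: "I", 2: "P", 3: "B"}   # picture_coding_type values

def encryption_map(stream, btu_size):
    """Return one flag per BTU: True = encrypt, False = leave in the clear."""
    starts = {}   # BTU index -> frame type begun there (None: GOP header only)
    for m in re.finditer(rb"\x00\x00\x01[\x00\xb8]", stream):
        idx = m.start() // btu_size           # BTU in which the start code begins
        starts.setdefault(idx, None)
        hdr = stream[m.end():m.end() + 2]
        if m.group() == PIC_START and len(hdr) == 2:
            # 10-bit temporal_reference, then 3-bit picture_coding_type
            starts[idx] = FRAME_TYPES.get((hdr[1] >> 3) & 0x7)
    flags, frame, pos = [], None, 0
    for i in range(-(-len(stream) // btu_size)):   # ceiling division
        if i in starts:                       # start-code BTU: always encrypt
            if starts[i]:
                frame, pos = starts[i], 0
            flags.append(True)
            continue
        pos += 1                              # position among continuation BTUs
        if frame == "I":
            flags.append(pos % 4 != 0)        # three of every four (claim 3)
        elif frame == "P":
            flags.append(pos % 4 == 0)        # every fourth (claim 5)
        else:
            flags.append(False)               # B-frame payload left clear
    return flags

def sample_stream(btu_size=16):
    """Constructed toy stream (not decodable video): I, P and B pictures."""
    def picture(ctype, n_btus, prefix=b""):
        head = prefix + PIC_START + bytes([0x00, ctype << 3])
        return head.ljust(n_btus * btu_size, b"\xff")
    return picture(1, 5, GOP_START) + picture(2, 5) + picture(3, 2)

if __name__ == "__main__":
    for i, enc in enumerate(encryption_map(sample_stream(), 16)):
        print(i, "encrypt" if enc else "clear")
```

The same map serves the selector variant of claims 18 and 19: a True flag means the BTU is taken from the encrypted stream, a False flag means it is taken from the unencrypted one.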



